Research Blog

Competing at the DEF CON CTF Finals 2025

Company News Oct 2, 2025

Nils competed in the DEF CON 33 CTF finals, placing 8th while running attack-defense operations, participating in the LiveCTF, and publishing a write-up on exploiting a Jukebooox bug leading to a glibc leak and ROP chain.

Breaking ILIAS #1: From Open Redirect to Admin

Offensive Security Sep 24, 2025

We describe two vulnerabilities in the learning management platform ILIAS that we found as part of a recent client engagement. Exploiting a stored XSS, we achieve command execution as root.

Fuzzing Made Easy #2: Unlocking the Secrets of Effective Fuzzing Harnesses

Tooling & Open Source Aug 7, 2025

Fuzzing is an effective technique for finding bugs, but it’s only as effective as your fuzzing harness. We explore the secrets of good harnessing for fuzzing, from common mistakes to best practices.

Hexagon-Fuzz: Full-system emulated fuzzing of Qualcomm basebands

Mobile & IoT Security Jun 27, 2025

We developed the first open-source toolchain for full-system emulated fuzzing of any Hexagon firmware, addressing a critical gap in baseband security research.

Ethical hackers can help reduce SS7 abuse

Offensive Security Jun 17, 2025

Ethical hackers help reduce SS7 abuse by finding security problems to protect phone users, and clear rules are needed to ensure only trusted testers have SS7 access.

Enhancing our Code Audits with AI

Defensive Security Jun 6, 2025

We combine human expertise with AI as a co-pilot to enhance code audits, carefully protecting client confidentiality by analyzing closed-source code in-house, and continuously improving our models through benchmarking and fine-tuning without replacing expert human review.

Xiaohongshu: Little Red Book reads you

Mobile & IoT Security May 12, 2025

Xiaohongshu exposes users to network-level attacks through partially unencrypted traffic, collects more device data than disclosed, and actively obstructs app analysis efforts.

Fuzzing Made Easy Part #3: GoLibAFL — Fuzzing Go binaries using LibAFL

Tooling & Open Source Apr 16, 2025

We developed GoLibAFL, a new fuzzer for Go code built on top of LibAFL.

Fuzzing Made Easy Outline

Tooling & Open Source Jan 31, 2025

In this article series, we share all we know about effective fuzz testing.

Fuzzing Made Easy #1: A beginner’s guide to writing a fuzzing harness

Tooling & Open Source Jan 31, 2025

In this article, we focus on customizing a fuzzing harness, the key to effective fuzz testing.

Security Research Labs is a member of the Allurity family.